Richard Clarke Also Suggests Hacking Has Made F-35 Ineffective

A number of people have pointed to this interview for Richard Clarke’s suggestion that the US, not Israel, bears most of the responsibility for the StuxNet attack.

But I’m just as interested in his assessment that hacking threatens to undercut our ability to deploy our fanciest war toys.

“I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong,” he tells me. “Every major company in the United States has already been penetrated by China.”

“What?”

“The British government actually said [something similar] about their own country. ”

Clarke claims, for instance, that the manufacturer of the F-35, our next-generation fighter bomber, has been penetrated and F-35 details stolen. And don’t get him started on our supply chain of chips, routers and hardware we import from Chinese and other foreign suppliers and what may be implanted in them—“logic bombs,” trapdoors and “Trojan horses,” all ready to be activated on command so we won’t know what hit us. Or what’s already hitting us.

“My greatest fear,” Clarke says, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China….After a while you can’t compete.”

But Clarke’s concerns reach beyond the cost of lost intellectual property. He foresees the loss of military power. Say there was another confrontation, such as the one in 1996 when President Clinton rushed two carrier battle fleets to the Taiwan Strait to warn China against an invasion of Taiwan. Clarke, who says there have been war games on precisely such a revived confrontation, now believes that we might be forced to give up playing such a role for fear that our carrier group defenses could be blinded and paralyzed by Chinese cyberintervention. [my emphasis]

The other day, I suggested that our inability to protect our defense and defense contractor networks means we’re wasting billions on hacking-related rework.

That’s not the only way our vulnerability to hacking will rot our national security supremacy. As Clarke notes, it will make all the defenses we build into our weapons systems less effective. All of which won’t stop us from dumping the national treasure into already-compromised toys. It’ll just make those toys more expensive.

Hard working entrepreneurs have stitched together a fabric of mutual advantage creating the vast Asia-Pacific tent of economic cooperation. Would the US really take umbrage with a Taiwanese capitalist democracy leading the modernization of China’s domestic consumer base? A capitalist Trojan horse in some sense?

Hardware and software that can’t survive a little hacky-whacky phreak-out, is obsolete. Sometimes, those intruders are not from another country! (Rivals need intel inside, too.) Besides, reworking the firmware is job security for geeks. Call it the Engineering Change Order Stimulus Act! Go build a fab line in Idaho if you worry about memory chips dual-ported to Bejing.

So did we give away the store? Did we just go from “Bring it on!” to call me a waaaammmmbulance? Spilt trillions — wasted on military technology no longer exclusive to the West — could well be something to leverage into sharper plowshares. Maybe not all technology is dual use, but a jet without armaments is just another way to get to point B, as opposed to, say, “I am become Death, the shatterer of Worlds”.

Modern technology is marketed as our advantage to exploit indefinitely. Hubris! Stuff and rubbish! Just more bucks for the bang.

There isn’t really much point in threatening our neighbors with annihilation when this capability has proliferated so extensively as to empower mutually-assured debacle. Confrontation with China over Taiwan becomes less and less realistic as time passes.

Cyberbombs and such in hardware and software is not just a concern from China or other international sources, it is local as well. Fierce competition and the degenerated position of Capitalism all but insures such attacks can and will be generated within the borders of USA.

Clarke’s assessment, as presented here, is a no-brainier. If we expect to dominate militarily, it would require the total cooperation of all parties acting as suppliers and general contractors to suspend the focus on the bottom line and look to the total needs of the systems under design and construction. The last time we came anywhere near this position was WWII, where Yamamoto told his superiors that if Japan was not at the White House dictating surrender terms in 6 months after Pearl, Japan could not win. He knew the machine well.

I have mixed feelings about a dominant military anywhere. The US was in a unique position to follow the dictum: “Walk softly but carry a big stick” because as a democracy, we have a control over both elements. Swaggering and bravado was not the way we exercised dominance. At least as a nation, Capitalism not withstanding.

Rough thoughts to be sure, but after living 70+ years, something’s do stick and do not rub off.

I hope he’s right. That would be great, next time we go to war, it just grinds to a halt with puffs of smoke and springs popping out and comical clanking grinding noises and dreadnoughts going round and round in circles. I’m sure they’ve given this a lot of thought. In addition to be incomparably smarter than our best redneck military chumps, the Chinese have a very good sense of humor. You know they’re laughing their asses off now that the Ayatollah takes his kid to the park to fly America’s stealth drone around the lake.

People really need to think about this a little more clearly in terms of motives, not just capabilities. If a country is engaging in commercial cyberespionage, it is much less likely to engage in cyberterrorism because it is invested in the global economic system. The vast majority of China’s known and presumed hacking activities are really just commecial espionage. Even the F-35 stuff is mostly that.

It’s funny, in weird sort of way, the way we worry about “logic bombs” in hardware, when the entire world is dependent on the U.S. or its proxies for the software that runs most devices. How many countries are there with no Windows desktops? I’m pretty sure that the number is zero. How about no Cisco networking gear? No iOS devices? Ok, that number is probably larger than zero, but not by much. And the open source community isn’t in much better shape. U.S. developers contribute to the vast majority of OSS.

@William Ockham: But doesn’t this have a big strategic effect, in any case? I made the analogy in my last post with Russia: we bankrupted them by forcing them into an arms war. China can bankrupt us by making us pay $400B for a weapons system that offers little strategic advantage.

@person1597: Yes, we gave away the store. We’ve been giving away the store for decades but especially this past decade. First we gave away the cheap and not so important parts of the store. Then we gave away the manufacturing. Now we are giving away the R&D. It’s stupid beyond belief.

All to cut the labor costs and undermine the country in a few different ways all at the same time.

If, as seen on blogs, the global community can travel and meet online — it’s because the enabling network supports and enriches the intellectual environment. What inadvertently happened along the way was organic growth — something not possible without a robust distributed network and a user base that keeps on burgeoning.

US initiatives in semiconductor technology were tied to both foreign and domestic market opportunities. When emerging Asian chip demand outstripped the total available production capacity, the logical thing was to open up design centers near the market channels.

China has vertically integrated all the ingredients for a high-tech economy over the period of time that the economies of the west were outsourcing the production. Cash money making the trip back to the US as cheap credit for business loans and mortgages was all to buy more cheap gadgets made at the lowest possible cost. Win-win? Well, no.

The credit dilemma is most intractable since our technology business model requires sustained investment in R&D and is generally financed as an expense — that is, reluctantly, if at all… The wherewithal to finance innovation has dried up and that is what is damaging US competitiveness.

Underutilized domestic capacity sits idle and drags down the economy. How can an industry stand up with a vision for something more practical when the money is all deployed in financial weapons of mass distraction?

@William Ockham: Yes, people do need to think a little more clearly. William.

China has the ability to independently produce its own network equipment. No Cisco required (Cisco btw has become increasingly less relevent over the years with major competitors eating at their customer and knowledge base).

Logic hardware – doesn’t mean dumb hardware. Frequently it comes with embedded logic “software” burned into the hardware. And that software is much harder to get to and analyze than higher level software like operating systems. You can have a whole TCP/IP protocol stack burned into an embedded logic chip. Lots of opportunities there for cyberhacking.

Windows desktops, really? So what. They’re easily compromised (to our disadvantage) as a wealth of experience has shown and the PLA is not dependent on running Windows. They can take advantage of our open source software by forking a Linux code base specifically for their needs. They certainly have the expertise to maintain that code base without outside assistance but if not they can diff the code bases to determine where to make particularly necessary updates. See Red Flag Linux as an example.

iOS devices??? Manufactured in China. What an opportunity for them to insert their own logic bombs. And as far as them being dependent on us well they also manufacture Android phones with source code available to the manufacturer. And they manufacture the embedded logic chips for them as well.

F35 Commercial espionage. We’re not talking glossy color photos and customer specification lists. We’re talking several years access to BAE’s technical specifications for the design and construction of at least their portion of the work for the F35. That’s extremely damaging both from the rework perspective, the additional cost/complexity to harden systems that didn’t previously need to be hardened and the increased vulnerabilities for things that can’t be protected against. Not to mention the boost it gives the Chinese in the development of their own aircraft technology.

Unless we go nuclear against the Chinese they don’t have much to worry about from us, militarily.

They do have much more pressing problems internally to deal with. Lack of resources to continue growth, multiple potential causes for widespread famine, major ecological catastrophes (deforestation, climate change), a huge imbalance between the numbers of men and women due to their 1 child policy, large scale water pollution and a need to show continued increases in their standard of living as they transition from an agrarian society to an industrial society.

@person1597: Credit dilemma for R&D? That’s not nearly as damaging as the effects of a generation of Americans choosing to go into finance to make a living leaving an R&D/Technical employment vacuum to be filled by H1B visa holders. Or the overseas outsourcing of software development.

Some stay, some go, but they also provide a conduit for that expertise to be transferred out of the country and used to compete against us.

It’s not just that the underutilized domestic capacity sits idle. It’s that it doesn’t get invested in and grows obsolete becoming less competitive by the year thereby reinforcing the negative downward spiral of our industrial base.